• Home
  • Deploy Dynatrace
  • Set up Dynatrace on cloud platforms
  • Amazon Web Services
  • Integrations
  • Amazon Web Services
  • Amazon RDS

Amazon RDS

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon RDS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need:

  • Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.
    Note: For role-based access (whether in a SaaS or Managed deployment), you need an ActiveGate installed on an Amazon EC2 host.
  • An updated AWS monitoring policy to include the additional AWS services.
    To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.
JSON predefined policy for all cloud services
json
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "acm-pca:ListCertificateAuthorities", "apigateway:GET", "apprunner:ListServices", "appstream:DescribeFleets", "appsync:ListGraphqlApis", "athena:ListWorkGroups", "autoscaling:DescribeAutoScalingGroups", "cloudformation:ListStackResources", "cloudfront:ListDistributions", "cloudhsm:DescribeClusters", "cloudsearch:DescribeDomains", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "codebuild:ListProjects", "datasync:ListTasks", "dax:DescribeClusters", "directconnect:DescribeConnections", "dms:DescribeReplicationInstances", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeSpotFleetRequests", "ec2:DescribeTransitGateways", "ec2:DescribeVolumes", "ec2:DescribeVpnConnections", "ecs:ListClusters", "eks:ListClusters", "elasticache:DescribeCacheClusters", "elasticbeanstalk:DescribeEnvironmentResources", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:ListClusters", "elastictranscoder:ListPipelines", "es:ListDomainNames", "events:ListEventBuses", "firehose:ListDeliveryStreams", "fsx:DescribeFileSystems", "gamelift:ListFleets", "glue:GetJobs", "inspector:ListAssessmentTemplates", "kafka:ListClusters", "kinesis:ListStreams", "kinesisanalytics:ListApplications", "kinesisvideo:ListStreams", "lambda:ListFunctions", "lambda:ListTags", "lex:GetBots", "logs:DescribeLogGroups", "mediaconnect:ListFlows", "mediaconvert:DescribeEndpoints", "mediapackage-vod:ListPackagingConfigurations", "mediapackage:ListChannels", "mediatailor:ListPlaybackConfigurations", "opsworks:DescribeStacks", "qldb:ListLedgers", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ListTagsForResource", "redshift:DescribeClusters", "robomaker:ListSimulationJobs", "route53:ListHostedZones", "route53resolver:ListResolverEndpoints", "s3:ListAllMyBuckets", "sagemaker:ListEndpoints", "sns:ListTopics", "sqs:ListQueues", "storagegateway:ListGateways", "sts:GetCallerIdentity", "swf:ListDomains", "tag:GetResources", "tag:GetTagKeys", "transfer:ListServers", "workmail:ListOrganizations", "workspaces:DescribeWorkspaces" ], "Resource": "*" } ] }

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each cloud service, a list of optional permissions specific to that service.

Complete list of permissions for cloud services
NameAdditional permissions
AWS Certificate Manager Private Certificate Authority"acm-pca:ListCertificateAuthorities"
All monitored Amazon services"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
Amazon MQ
Amazon API Gateway"apigateway:GET"
AWS App Runner"apprunner:ListServices"
Amazon AppStream"appstream:DescribeFleets"
AWS AppSync"appsync:ListGraphqlApis"
Amazon Athena"athena:ListWorkGroups"
Amazon Aurora"rds:DescribeDBClusters"
Amazon EC2 Auto Scaling"autoscaling:DescribeAutoScalingGroups"
Amazon EC2 Auto Scaling (built-in)"autoscaling:DescribeAutoScalingGroups"
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront"cloudfront:ListDistributions"
AWS CloudHSM"cloudhsm:DescribeClusters"
Amazon CloudSearch"cloudsearch:DescribeDomains"
AWS CodeBuild"codebuild:ListProjects"
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)"eks:ListClusters"
AWS DataSync"datasync:ListTasks"
Amazon DynamoDB Accelerator (DAX)"dax:DescribeClusters"
Amazon Database Migration Service"dms:DescribeReplicationInstances"
Amazon DocumentDB"rds:DescribeDBClusters"
AWS Direct Connect"directconnect:DescribeConnections"
Amazon DynamoDB (built-in)"dynamodb:ListTables",
"dynamodb:ListTagsOfResource"
Amazon EBS (built-in)"ec2:DescribeVolumes"
Amazon EC2 API
Amazon EC2 (built-in)"ec2:DescribeInstances"
Amazon EC2 Spot Fleet"ec2:DescribeSpotFleetRequests"
Amazon Elastic Container Service (ECS)"ecs:ListClusters"
Amazon ECS ContainerInsights"ecs:ListClusters"
Amazon ElastiCache (EC)"elasticache:DescribeCacheClusters"
AWS Elastic Beanstalk"elasticbeanstalk:DescribeEnvironments"
Amazon Elastic File System (EFS)"elasticfilesystem:DescribeFileSystems"
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)"elasticmapreduce:ListClusters"
Amazon Elasticsearch Service (ES)"es:ListDomainNames"
Amazon Elastic Transcoder"elastictranscoder:ListPipelines"
AWS Elastic Load Balancing (ELB) (built-in)"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth"
Amazon EventBridge"events:ListEventBuses"
Amazon FSx"fsx:DescribeFileSystems"
Amazon GameLift"gamelift:ListFleets"
AWS Glue"glue:GetJobs"
Amazon Inspector"inspector:ListAssessmentTemplates"
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka"kafka:ListClusters"
Amazon Kinesis Data Analytics"kinesisanalytics:ListApplications"
Amazon Kinesis Data Firehose"firehose:ListDeliveryStreams"
Amazon Kinesis Data Streams"kinesis:ListStreams"
Amazon Kinesis Video Streams"kinesisvideo:ListStreams"
AWS Lambda (built-in)"lambda:ListFunctions",
"lambda:ListTags"
Amazon Lex"lex:GetBots"
AWS Application and Network Load Balancer (built-in)"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth"
Amazon CloudWatch Logs"logs:DescribeLogGroups"
AWS Elemental MediaConnect"mediaconnect:ListFlows"
Amazon MediaConvert"mediaconvert:DescribeEndpoints"
Amazon MediaPackage Live"mediapackage:ListChannels"
Amazon MediaPackage Video on Demand"mediapackage-vod:ListPackagingConfigurations"
Amazon MediaTailor"mediatailor:ListPlaybackConfigurations"
Amazon VPC NAT Gateways"ec2:DescribeNatGateways"
Amazon Neptune"rds:DescribeDBClusters"
AWS OpsWorks"opsworks:DescribeStacks"
Amazon Polly
Amazon QLDB"qldb:ListLedgers"
Amazon RDS (built-in)"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource"
Amazon Redshift"redshift:DescribeClusters"
Amazon Rekognition
AWS RoboMaker"robomaker:ListSimulationJobs"
Amazon Route 53"route53:ListHostedZones"
Amazon Route 53 Resolver"route53resolver:ListResolverEndpoints"
Amazon S3"s3:ListAllMyBuckets"
Amazon S3 (built-in)"s3:ListAllMyBuckets"
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances"sagemaker:ListEndpoints"
Amazon SageMaker Endpoints"sagemaker:ListEndpoints"
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)"sns:ListTopics"
Amazon Simple Queue Service (SQS)"sqs:ListQueues"
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway"storagegateway:ListGateways"
Amazon SWF"swf:ListDomains"
Amazon Textract
AWS IoT Things Graph
Amazon Transfer Family"transfer:ListServers"
AWS Transit Gateway"ec2:DescribeTransitGateways"
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN"ec2:DescribeVpnConnections"
Amazon WAF Classic
Amazon WAF
Amazon WorkMail"workmail:ListOrganizations"
Amazon WorkSpaces"workspaces:DescribeWorkspaces"

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway
json
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "apigateway:GET", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", "ec2:DescribeAvailabilityZones" ], "Resource": "*" } ] }

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.

To disable monitoring of built-in services you need:

  • ActiveGate version 1.245+, Dynatrace version 1.247+
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services
EndpointService

acm-pca.<REGION>.amazonaws.com

AWS Certificate Manager Private Certificate Authority

apigateway.<REGION>.amazonaws.com

Amazon API Gateway

apprunner.<REGION>.amazonaws.com

AWS App Runner

appstream2.<REGION>.amazonaws.com

Amazon AppStream

appsync.<REGION>.amazonaws.com

AWS AppSync

athena.<REGION>.amazonaws.com

Amazon Athena

rds.<REGION>.amazonaws.com

Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS (built-in)

autoscaling.<REGION>.amazonaws.com

Amazon EC2 Auto Scaling, Amazon EC2 Auto Scaling (built-in)

cloudfront.amazonaws.com

Amazon CloudFront

cloudhsmv2.<REGION>.amazonaws.com

AWS CloudHSM

cloudsearch.<REGION>.amazonaws.com

Amazon CloudSearch

cloudsearch.<REGION>.amazonaws.com

Amazon CloudSearch

codebuild.<REGION>.amazonaws.com

AWS CodeBuild

eks.<REGION>.amazonaws.com

Amazon Elastic Kubernetes Service (EKS)

datasync.<REGION>.amazonaws.com

AWS DataSync

dax.<REGION>.amazonaws.com

Amazon DynamoDB Accelerator (DAX)

dms.<REGION>.amazonaws.com

Amazon Database Migration Service

directconnect.<REGION>.amazonaws.com

AWS Direct Connect

dynamodb.<REGION>.amazonaws.com

Amazon DynamoDB (built-in)

ec2.<REGION>.amazonaws.com

Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN

ecs.<REGION>.amazonaws.com

Amazon Elastic Container Service (ECS), Amazon ECS ContainerInsights

elasticache.<REGION>.amazonaws.com

Amazon ElastiCache (EC)

elasticbeanstalk.<REGION>.amazonaws.com

AWS Elastic Beanstalk, AWS Elastic Beanstalk (built-in)

elasticfilesystem.<REGION>.amazonaws.com

Amazon Elastic File System (EFS)

es.<REGION>.amazonaws.com

Amazon Elasticsearch Service (ES)

elastictranscoder.<REGION>.amazonaws.com

Amazon Elastic Transcoder

elasticloadbalancing.<REGION>.amazonaws.com

AWS Elastic Load Balancing (ELB) (built-in), AWS Application and Network Load Balancer (built-in)

events.<REGION>.amazonaws.com

Amazon EventBridge

elastictranscoder.<REGION>.amazonaws.com

Amazon Elastic Transcoder

elasticloadbalancing.<REGION>.amazonaws.com

AWS Elastic Load Balancing (ELB) (built-in), AWS Application and Network Load Balancer (built-in)

events.<REGION>.amazonaws.com

AWS Elastic Load Balancing (ELB) (built-in), AWS Application and Network Load Balancer (built-in)

fsx.<REGION>.amazonaws.com

Amazon FSx

gamelift.<REGION>.amazonaws.com

Amazon GameLift

glue.<REGION>.amazonaws.com

AWS Glue

inspector.<REGION>.amazonaws.com

Amazon Inspector

kafka.<REGION>.amazonaws.com

Amazon Managed Streaming for Kafka

lambda.<REGION>.amazonaws.com

AWS Lambda (built-in)

models.lex.<REGION>.amazonaws.com

Amazon Lex

logs.<REGION>.amazonaws.com

Amazon CloudWatch Logs

mediaconnect.<REGION>.amazonaws.com

AWS Elemental MediaConnect

mediapackage.<REGION>.amazonaws.com

Amazon MediaPackage Live

mediapackage-vod.<REGION>.amazonaws.com

Amazon MediaPackage Video on Demand

api.mediatailor.<REGION>.amazonaws.com

Amazon MediaTailor

opsworks.<REGION>.amazonaws.com

AWS OpsWorks

qldb.<REGION>.amazonaws.com

Amazon QLDB

redshift.<REGION>.amazonaws.com

Amazon Redshift

robomaker.<REGION>.amazonaws.com

Amazon Redshift

route53.amazonaws.com

Amazon Route 53

route53resolver.<REGION>.amazonaws.com

Amazon Route 53 Resolver

s3.<REGION>.amazonaws.com

Amazon S3 (built-in)

api.sagemaker.<REGION>.amazonaws.com

Amazon SageMaker Endpoint Instances, Amazon SageMaker Endpoints

sns.<REGION>.amazonaws.com

Amazon S3 (built-in)

sqs.<REGION>.amazonaws.com

Amazon Simple Queue Service (SQS)

storagegateway.<REGION>.amazonaws.com

AWS Storage Gateway

swf.<REGION>.amazonaws.com

Amazon SWF

transfer.<REGION>.amazonaws.com

Amazon Transfer Family

workmail.<REGION>.amazonaws.com

Amazon WorkMail

workspaces.<REGION>.amazonaws.com

Amazon WorkSpaces

Enable monitoring

To enable monitoring for this service, you need to integrate Dynatrace with Amazon Web Services:

  • Set up Dynatrace SaaS integration
  • Set up Dynatrace Managed integration

Add the service to monitoring

To view service metrics, the service needs to be monitored in your Dynatrace environment.

Built-in services specifics

This is a built-in service. It’s monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).

In case a service was disabled and you want to re-enable it:
  1. In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
  2. On the AWS overview page, select the Edit icon for the AWS instance.
  3. Under Services, select Manage services.
  4. Select Add service, choose the service from the list, and select Add service.
  5. Select Save changes.
Cloud-service monitoring consumption

All cloud services consume Davis data units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).

Monitor resources based on tags

You can choose to monitor resources based on existing AWS tags, as Dynatrace automatically imports them from service instances. Nevertheless, the transition from AWS to Dynatrace tagging isn't supported for all AWS services. Expand the table below to see which cloud services are filtered by tagging.

Tag filtering per service
NameTags monitoring & filtering
AWS Certificate Manager Private Certificate Authorityyes
Amazon MQ-
Amazon API Gatewayyes
AWS App Runneryes
Amazon AppStreamyes
AWS AppSyncyes
Amazon Athenayes
Amazon Aurorayes
Amazon EC2 Auto Scaling-
Amazon EC2 Auto Scaling (built-in)yes
AWS Billing-
Amazon Keyspacesyes
AWS Chatbot-
Amazon CloudFrontyes
AWS CloudHSMyes
Amazon CloudSearch-
AWS CodeBuildyes
Amazon Cognito-
Amazon Connect-
Amazon Elastic Kubernetes Service (EKS)yes
AWS DataSyncyes
Amazon DynamoDB Accelerator (DAX)yes
Amazon Database Migration Serviceyes
Amazon DocumentDByes
AWS Direct Connectyes
Amazon DynamoDB (built-in)yes
Amazon EBS (built-in)yes
Amazon EC2 API-
Amazon EC2 (built-in)yes
Amazon EC2 Spot Fleet-
Amazon Elastic Container Service (ECS)yes
Amazon ECS ContainerInsightsyes
Amazon ElastiCache (EC)yes
AWS Elastic Beanstalkyes
Amazon Elastic File System (EFS)yes
Amazon Elastic Inferenceyes
Amazon Elastic Map Reduce (EMR)yes
Amazon Elasticsearch Service (ES)yes
Amazon Elastic Transcoder-
AWS Elastic Load Balancing (ELB) (built-in)yes
Amazon EventBridgeyes
Amazon FSxyes
Amazon GameLift-
AWS Glueyes
Amazon Inspectoryes
AWS Internet of Things (IoT)-
AWS IoT Analytics-
Amazon Managed Streaming for Kafkayes
Amazon Kinesis Data Analyticsyes
Amazon Kinesis Data Firehoseyes
Amazon Kinesis Data Streamsyes
Amazon Kinesis Video Streamsyes
AWS Lambda (built-in)yes
Amazon Lexyes
AWS Application and Network Load Balancer (built-in)yes
Amazon CloudWatch Logsyes
AWS Elemental MediaConnect-
Amazon MediaConvertyes
Amazon MediaPackage Liveyes
Amazon MediaPackage Video on Demandyes
Amazon MediaTailoryes
Amazon VPC NAT Gatewaysyes
Amazon Neptuneyes
AWS OpsWorksyes
Amazon Polly-
Amazon QLDByes
Amazon RDS (built-in)yes
Amazon Redshiftyes
Amazon Rekognition-
AWS RoboMakeryes
Amazon Route 53-
Amazon Route 53 Resolveryes
Amazon S3yes
Amazon S3 (built-in)yes
Amazon SageMaker Batch Transform Jobs-
Amazon SageMaker Endpoint Instancesyes
Amazon SageMaker Endpointsyes
Amazon SageMaker Ground Truth-
Amazon SageMaker Processing Jobs-
Amazon SageMaker Training Jobs-
AWS Service Catalog-
Amazon Simple Email Service (SES)-
Amazon Simple Notification Service (SNS)yes
Amazon Simple Queue Service (SQS)yes
AWS Systems Manager - Run Command-
AWS Step Functions-
AWS Storage Gatewayyes
Amazon SWF-
Amazon Textract-
AWS IoT Things Graph-
Amazon Transfer Familyyes
AWS Transit Gatewayyes
Amazon Translate-
AWS Trusted Advisor-
AWS API Usage-
AWS Site-to-Site VPNyes
Amazon WAF Classic-
Amazon WAF-
Amazon WorkMailyes
Amazon WorkSpacesyes

To monitor resources based on tags

  1. In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
  2. Select the Edit icon for the AWS instance.
  3. Set Resources to be monitored to Monitor resources selected by tags.
  4. Enter key/value pairs to identify resources to exclude from monitoring or include in monitoring.
    You can enter multiple key/value pairs: each time you enter a pair, another empty row is displayed for you to edit as needed.
  5. Select Save to save your configuration.

View service metrics

You can view the service metrics in your Dynatrace environment either on the AWS account page or on your Dashboards page.

View metrics on the AWS account page

To view metrics on the AWS account page

  1. In the Dynatrace menu, go to Infrastructure > AWS
  2. Choose AWS account you want to check metrics for.
  3. Select Service box. Metrics for the selected service are visible under the infographic in the service section.

View metrics on the Dashboard

You can also create your own dashboard. For more information on how to create dashboards, go to Create and edit Dynatrace dashboards

Example of AWS built-in monitoring service

example of AWS builtin monitoring service

Available metrics

Metric keyNameUnitAggregationsMonitoring consumption
builtin:cloud.aws.rds.cpu.usage

RDS CPU usage %

Percent (%)autoavgmaxminDDUs
builtin:cloud.aws.rds.latency.read

RDS read latency

SecondautoavgmaxminDDUs
builtin:cloud.aws.rds.latency.write

RDS write latency

SecondautoavgmaxminDDUs
builtin:cloud.aws.rds.memory.freeable

RDS freeable memory

ByteautoavgmaxminDDUs
builtin:cloud.aws.rds.memory.swap

RDS swap usage

ByteautoavgmaxminDDUs
builtin:cloud.aws.rds.net.rx

RDS network received throughput

Byte/secondautoavgmaxminDDUs
builtin:cloud.aws.rds.net.tx

RDS network transmitted throughput

Byte/secondautoavgmaxminDDUs
builtin:cloud.aws.rds.ops.read

RDS read IOPS

Per secondautoavgmaxminDDUs
builtin:cloud.aws.rds.ops.write

RDS write IOPS

Per secondautoavgmaxminDDUs
builtin:cloud.aws.rds.throughput.read

RDS read throughput

Byte/secondautoavgmaxminDDUs
builtin:cloud.aws.rds.throughput.write

RDS write throughput

Byte/secondautoavgmaxminDDUs
builtin:cloud.aws.rds.connections

RDS connections

CountautoavgmaxminDDUs
builtin:cloud.aws.rds.free

RDS free storage space %

Percent (%)autoavgmaxminDDUs
builtin:cloud.aws.rds.restarts

RDS restarts

CountautovalueDDUs